package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net/http"
)

func main() {
	// 注册 client ca证书
	// 读取数据
	//1.读取客户端的证书ca内容
	caCerInfo, err := ioutil.ReadFile("./15-双向认证/client.crt")
	if err != nil {
		fmt.Println("1err", err)
		return
	}
	//2. 创建ca池，
	CertPool := x509.NewCertPool()
	//3.吧crt加入到ca池中
	//将内容加入到ca池中
	ok := CertPool.AppendCertsFromPEM(caCerInfo)
	fmt.Println("ok=", ok)
	//将ca池配置给tls
	cfg := tls.Config{
		RootCAs: CertPool,
		ClientAuth: tls.RequireAnyClientCert,
	}
	// 创建server
	server:=http.Server{
		Addr:      ":9090",
		Handler:   nil,
		TLSConfig: &cfg,
	}
	http.HandleFunc("/test1", test1)

	err=server.ListenAndServeTLS("./14单项认证/cert.crt","./14单项认证/rsa_private.key")
	if err != nil {
		fmt.Printf("http server failed, err:%v\n", err)
		return
	}


}
func test1(w http.ResponseWriter,r *http.Request)  {
	w.Write([]byte("欢迎访问！test1"))
}